* [dunfell][meta-oe][PATCH] networkmanager: update to 1.22.16
@ 2021-11-03 7:20 Marta Rybczynska
2021-11-03 15:13 ` [OE-core] " Steve Sakoman
0 siblings, 1 reply; 3+ messages in thread
From: Marta Rybczynska @ 2021-11-03 7:20 UTC (permalink / raw)
To: openembedded-core; +Cc: steve, Marta Rybczynska, Marta Rybczynska
NetworkManager 1.22.16 contains a fix for CVE-2020-10754.
This version includes an additional option by default for firewalld zones,
--enable-firewalld-zone that installs additional files. Disable it to
keep the old behaviour if no firewalld.
Also include a patch for fixing reallocarray usage from gatesgarth
meta-openembedded 165ad9ad4c86c9e63f3afcf3172c8e1d3629f3a5 required
for the build.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
.../fix_reallocarray_check.patch | 27 +++++++++++++++++++
...r_1.22.10.bb => networkmanager_1.22.16.bb} | 7 ++++-
2 files changed, 33 insertions(+), 1 deletion(-)
create mode 100644 meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
rename meta-networking/recipes-connectivity/networkmanager/{networkmanager_1.22.10.bb => networkmanager_1.22.16.bb} (95%)
diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch b/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
new file mode 100644
index 000000000..0a8de5410
--- /dev/null
+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
@@ -0,0 +1,27 @@
+reallocarray() is coming from stdlib.h which maybe indirectly included
+by malloc.h but not on all libc implementations
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/meson.build
++++ b/meson.build
+@@ -114,7 +114,7 @@ config_h.set10('HAVE_GETRANDOM', use_sys
+ # FIXME secure_getenv check is not useful?
+ config_h.set('HAVE_SECURE_GETENV', cc.has_function('secure_getenv'))
+ config_h.set('HAVE___SECURE_GETENV', cc.has_function('__secure_getenv'))
+-config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include <malloc.h>'))
++config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include <stdlib.h>'))
+ config_h.set10('HAVE_DECL_EXPLICIT_BZERO', cc.has_function('explicit_bzero', prefix: '#include <string.h>'))
+ config_h.set10('HAVE_DECL_MEMFD_CREATE', cc.has_function('memfd_create', prefix: '#include <sys/mman.h>'))
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -82,7 +82,7 @@ AC_CHECK_DECLS([
+ AC_CHECK_DECLS([
+ reallocarray],
+ [], [], [[
+-#include <malloc.h>
++#include <stdlib.h>
+ ]])
+
+ AC_CHECK_DECLS([
diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.10.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.16.bb
similarity index 95%
rename from meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.10.bb
rename to meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.16.bb
index 33a2b7c0c..ff784b8ce 100644
--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.10.bb
+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.16.bb
@@ -26,6 +26,7 @@ SRC_URI = " \
file://${BPN}.initd \
file://0001-Fixed-configure.ac-Fix-pkgconfig-sysroot-locations.patch \
file://0002-Do-not-create-settings-settings-property-documentati.patch \
+ file://fix_reallocarray_check.patch \
"
SRC_URI_append_libc-musl = " \
file://musl/0001-Fix-build-with-musl-systemd-specific.patch \
@@ -33,7 +34,7 @@ SRC_URI_append_libc-musl = " \
file://musl/0003-Fix-build-with-musl-for-n-dhcp4.patch \
file://musl/0004-Fix-build-with-musl-systemd-specific.patch \
"
-SRC_URI[sha256sum] = "2b29ccc1531ba7ebba95a97f40c22b963838e8b6833745efe8e6fb71fd8fca77"
+SRC_URI[sha256sum] = "377aa053752eaa304b72c9906f9efcd9fbd5f7f6cb4cd4ad72425a68982cffc6"
S = "${WORKDIR}/NetworkManager-${PV}"
@@ -71,6 +72,7 @@ PACKAGECONFIG[bluez5] = "--enable-bluez5-dun,--disable-bluez5-dun,bluez5"
# consolekit is not picked by shlibs, so add it to RDEPENDS too
PACKAGECONFIG[consolekit] = "--with-session-tracking=consolekit,,consolekit,consolekit"
PACKAGECONFIG[modemmanager] = "--with-modem-manager-1=yes,--with-modem-manager-1=no,modemmanager"
+PACKAGECONFIG[firewalld] = "--enable-firewalld-zone,--disable-firewalld-zone,firewalld"
PACKAGECONFIG[ppp] = "--enable-ppp,--disable-ppp,ppp,ppp"
# Use full featured dhcp client instead of internal one
PACKAGECONFIG[dhclient] = "--with-dhclient=${base_sbindir}/dhclient,,,dhcp-client"
@@ -151,6 +153,9 @@ ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-co
ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.NetworkManager','',d)}"
ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
+# Issue introduced in 1.26
+CVE_CHECK_WHITELIST = "CVE-2021-20297 "
+
do_install_append() {
install -Dm 0755 ${WORKDIR}/${BPN}.initd ${D}${sysconfdir}/init.d/network-manager
--
2.33.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [OE-core] [dunfell][meta-oe][PATCH] networkmanager: update to 1.22.16
2021-11-03 7:20 [dunfell][meta-oe][PATCH] networkmanager: update to 1.22.16 Marta Rybczynska
@ 2021-11-03 15:13 ` Steve Sakoman
2021-11-03 15:26 ` Marta Rybczynska
0 siblings, 1 reply; 3+ messages in thread
From: Steve Sakoman @ 2021-11-03 15:13 UTC (permalink / raw)
To: Marta Rybczynska
Cc: Patches and discussions about the oe-core layer, Marta Rybczynska
Hi Marta,
Thanks for the patch submission!
Since this is for meta-openembedded, it should be sent to
openembedded-devel@lists.openembedded.org, not the oe-core list.
Similarly, you shouldn't use the [oe-core] tag, just the [meta-oe] tag.
There are different maintainers for oe-core and meta-openembedded so
these two things will make sure that the right person sees the patch.
Best regards,
Steve
On Tue, Nov 2, 2021 at 9:20 PM Marta Rybczynska <rybczynska@gmail.com> wrote:
>
> NetworkManager 1.22.16 contains a fix for CVE-2020-10754.
>
> This version includes an additional option by default for firewalld zones,
> --enable-firewalld-zone that installs additional files. Disable it to
> keep the old behaviour if no firewalld.
>
> Also include a patch for fixing reallocarray usage from gatesgarth
> meta-openembedded 165ad9ad4c86c9e63f3afcf3172c8e1d3629f3a5 required
> for the build.
>
> Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
> ---
> .../fix_reallocarray_check.patch | 27 +++++++++++++++++++
> ...r_1.22.10.bb => networkmanager_1.22.16.bb} | 7 ++++-
> 2 files changed, 33 insertions(+), 1 deletion(-)
> create mode 100644 meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
> rename meta-networking/recipes-connectivity/networkmanager/{networkmanager_1.22.10.bb => networkmanager_1.22.16.bb} (95%)
>
> diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch b/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
> new file mode 100644
> index 000000000..0a8de5410
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
> @@ -0,0 +1,27 @@
> +reallocarray() is coming from stdlib.h which maybe indirectly included
> +by malloc.h but not on all libc implementations
> +
> +Upstream-Status: Pending
> +Signed-off-by: Khem Raj <raj.khem@gmail.com>
> +--- a/meson.build
> ++++ b/meson.build
> +@@ -114,7 +114,7 @@ config_h.set10('HAVE_GETRANDOM', use_sys
> + # FIXME secure_getenv check is not useful?
> + config_h.set('HAVE_SECURE_GETENV', cc.has_function('secure_getenv'))
> + config_h.set('HAVE___SECURE_GETENV', cc.has_function('__secure_getenv'))
> +-config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include <malloc.h>'))
> ++config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include <stdlib.h>'))
> + config_h.set10('HAVE_DECL_EXPLICIT_BZERO', cc.has_function('explicit_bzero', prefix: '#include <string.h>'))
> + config_h.set10('HAVE_DECL_MEMFD_CREATE', cc.has_function('memfd_create', prefix: '#include <sys/mman.h>'))
> +
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -82,7 +82,7 @@ AC_CHECK_DECLS([
> + AC_CHECK_DECLS([
> + reallocarray],
> + [], [], [[
> +-#include <malloc.h>
> ++#include <stdlib.h>
> + ]])
> +
> + AC_CHECK_DECLS([
> diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.10.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.16.bb
> similarity index 95%
> rename from meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.10.bb
> rename to meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.16.bb
> index 33a2b7c0c..ff784b8ce 100644
> --- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.10.bb
> +++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.16.bb
> @@ -26,6 +26,7 @@ SRC_URI = " \
> file://${BPN}.initd \
> file://0001-Fixed-configure.ac-Fix-pkgconfig-sysroot-locations.patch \
> file://0002-Do-not-create-settings-settings-property-documentati.patch \
> + file://fix_reallocarray_check.patch \
> "
> SRC_URI_append_libc-musl = " \
> file://musl/0001-Fix-build-with-musl-systemd-specific.patch \
> @@ -33,7 +34,7 @@ SRC_URI_append_libc-musl = " \
> file://musl/0003-Fix-build-with-musl-for-n-dhcp4.patch \
> file://musl/0004-Fix-build-with-musl-systemd-specific.patch \
> "
> -SRC_URI[sha256sum] = "2b29ccc1531ba7ebba95a97f40c22b963838e8b6833745efe8e6fb71fd8fca77"
> +SRC_URI[sha256sum] = "377aa053752eaa304b72c9906f9efcd9fbd5f7f6cb4cd4ad72425a68982cffc6"
>
> S = "${WORKDIR}/NetworkManager-${PV}"
>
> @@ -71,6 +72,7 @@ PACKAGECONFIG[bluez5] = "--enable-bluez5-dun,--disable-bluez5-dun,bluez5"
> # consolekit is not picked by shlibs, so add it to RDEPENDS too
> PACKAGECONFIG[consolekit] = "--with-session-tracking=consolekit,,consolekit,consolekit"
> PACKAGECONFIG[modemmanager] = "--with-modem-manager-1=yes,--with-modem-manager-1=no,modemmanager"
> +PACKAGECONFIG[firewalld] = "--enable-firewalld-zone,--disable-firewalld-zone,firewalld"
> PACKAGECONFIG[ppp] = "--enable-ppp,--disable-ppp,ppp,ppp"
> # Use full featured dhcp client instead of internal one
> PACKAGECONFIG[dhclient] = "--with-dhclient=${base_sbindir}/dhclient,,,dhcp-client"
> @@ -151,6 +153,9 @@ ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-co
> ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.NetworkManager','',d)}"
> ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
>
> +# Issue introduced in 1.26
> +CVE_CHECK_WHITELIST = "CVE-2021-20297 "
> +
> do_install_append() {
> install -Dm 0755 ${WORKDIR}/${BPN}.initd ${D}${sysconfdir}/init.d/network-manager
>
> --
> 2.33.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#157821): https://lists.openembedded.org/g/openembedded-core/message/157821
> Mute This Topic: https://lists.openembedded.org/mt/86786130/3617601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [sakoman@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [OE-core] [dunfell][meta-oe][PATCH] networkmanager: update to 1.22.16
2021-11-03 15:13 ` [OE-core] " Steve Sakoman
@ 2021-11-03 15:26 ` Marta Rybczynska
0 siblings, 0 replies; 3+ messages in thread
From: Marta Rybczynska @ 2021-11-03 15:26 UTC (permalink / raw)
To: Steve Sakoman
Cc: Patches and discussions about the oe-core layer, Marta Rybczynska
[-- Attachment #1: Type: text/plain, Size: 6504 bytes --]
Hello Steve,
Thank you for spotting this! The patch has been sent to the other list.
Kind regards,
Marta
On Wed, Nov 3, 2021 at 4:13 PM Steve Sakoman <steve@sakoman.com> wrote:
> Hi Marta,
>
> Thanks for the patch submission!
>
> Since this is for meta-openembedded, it should be sent to
> openembedded-devel@lists.openembedded.org, not the oe-core list.
>
> Similarly, you shouldn't use the [oe-core] tag, just the [meta-oe] tag.
>
> There are different maintainers for oe-core and meta-openembedded so
> these two things will make sure that the right person sees the patch.
>
> Best regards,
>
> Steve
>
> On Tue, Nov 2, 2021 at 9:20 PM Marta Rybczynska <rybczynska@gmail.com>
> wrote:
> >
> > NetworkManager 1.22.16 contains a fix for CVE-2020-10754.
> >
> > This version includes an additional option by default for firewalld
> zones,
> > --enable-firewalld-zone that installs additional files. Disable it to
> > keep the old behaviour if no firewalld.
> >
> > Also include a patch for fixing reallocarray usage from gatesgarth
> > meta-openembedded 165ad9ad4c86c9e63f3afcf3172c8e1d3629f3a5 required
> > for the build.
> >
> > Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
> > ---
> > .../fix_reallocarray_check.patch | 27 +++++++++++++++++++
> > ...r_1.22.10.bb => networkmanager_1.22.16.bb} | 7 ++++-
> > 2 files changed, 33 insertions(+), 1 deletion(-)
> > create mode 100644
> meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
> > rename meta-networking/recipes-connectivity/networkmanager/{
> networkmanager_1.22.10.bb => networkmanager_1.22.16.bb} (95%)
> >
> > diff --git
> a/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
> b/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
> > new file mode 100644
> > index 000000000..0a8de5410
> > --- /dev/null
> > +++
> b/meta-networking/recipes-connectivity/networkmanager/networkmanager/fix_reallocarray_check.patch
> > @@ -0,0 +1,27 @@
> > +reallocarray() is coming from stdlib.h which maybe indirectly included
> > +by malloc.h but not on all libc implementations
> > +
> > +Upstream-Status: Pending
> > +Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > +--- a/meson.build
> > ++++ b/meson.build
> > +@@ -114,7 +114,7 @@ config_h.set10('HAVE_GETRANDOM', use_sys
> > + # FIXME secure_getenv check is not useful?
> > + config_h.set('HAVE_SECURE_GETENV', cc.has_function('secure_getenv'))
> > + config_h.set('HAVE___SECURE_GETENV',
> cc.has_function('__secure_getenv'))
> > +-config_h.set10('HAVE_DECL_REALLOCARRAY',
> cc.has_function('reallocarray', prefix: '#include <malloc.h>'))
> > ++config_h.set10('HAVE_DECL_REALLOCARRAY',
> cc.has_function('reallocarray', prefix: '#include <stdlib.h>'))
> > + config_h.set10('HAVE_DECL_EXPLICIT_BZERO',
> cc.has_function('explicit_bzero', prefix: '#include <string.h>'))
> > + config_h.set10('HAVE_DECL_MEMFD_CREATE',
> cc.has_function('memfd_create', prefix: '#include <sys/mman.h>'))
> > +
> > +--- a/configure.ac
> > ++++ b/configure.ac
> > +@@ -82,7 +82,7 @@ AC_CHECK_DECLS([
> > + AC_CHECK_DECLS([
> > + reallocarray],
> > + [], [], [[
> > +-#include <malloc.h>
> > ++#include <stdlib.h>
> > + ]])
> > +
> > + AC_CHECK_DECLS([
> > diff --git a/meta-networking/recipes-connectivity/networkmanager/
> networkmanager_1.22.10.bb
> b/meta-networking/recipes-connectivity/networkmanager/
> networkmanager_1.22.16.bb
> > similarity index 95%
> > rename from meta-networking/recipes-connectivity/networkmanager/
> networkmanager_1.22.10.bb
> > rename to meta-networking/recipes-connectivity/networkmanager/
> networkmanager_1.22.16.bb
> > index 33a2b7c0c..ff784b8ce 100644
> > --- a/meta-networking/recipes-connectivity/networkmanager/
> networkmanager_1.22.10.bb
> > +++ b/meta-networking/recipes-connectivity/networkmanager/
> networkmanager_1.22.16.bb
> > @@ -26,6 +26,7 @@ SRC_URI = " \
> > file://${BPN}.initd \
> >
> file://0001-Fixed-configure.ac-Fix-pkgconfig-sysroot-locations.patch \
> >
> file://0002-Do-not-create-settings-settings-property-documentati.patch \
> > + file://fix_reallocarray_check.patch \
> > "
> > SRC_URI_append_libc-musl = " \
> > file://musl/0001-Fix-build-with-musl-systemd-specific.patch \
> > @@ -33,7 +34,7 @@ SRC_URI_append_libc-musl = " \
> > file://musl/0003-Fix-build-with-musl-for-n-dhcp4.patch \
> > file://musl/0004-Fix-build-with-musl-systemd-specific.patch \
> > "
> > -SRC_URI[sha256sum] =
> "2b29ccc1531ba7ebba95a97f40c22b963838e8b6833745efe8e6fb71fd8fca77"
> > +SRC_URI[sha256sum] =
> "377aa053752eaa304b72c9906f9efcd9fbd5f7f6cb4cd4ad72425a68982cffc6"
> >
> > S = "${WORKDIR}/NetworkManager-${PV}"
> >
> > @@ -71,6 +72,7 @@ PACKAGECONFIG[bluez5] =
> "--enable-bluez5-dun,--disable-bluez5-dun,bluez5"
> > # consolekit is not picked by shlibs, so add it to RDEPENDS too
> > PACKAGECONFIG[consolekit] =
> "--with-session-tracking=consolekit,,consolekit,consolekit"
> > PACKAGECONFIG[modemmanager] =
> "--with-modem-manager-1=yes,--with-modem-manager-1=no,modemmanager"
> > +PACKAGECONFIG[firewalld] =
> "--enable-firewalld-zone,--disable-firewalld-zone,firewalld"
> > PACKAGECONFIG[ppp] = "--enable-ppp,--disable-ppp,ppp,ppp"
> > # Use full featured dhcp client instead of internal one
> > PACKAGECONFIG[dhclient] =
> "--with-dhclient=${base_sbindir}/dhclient,,,dhcp-client"
> > @@ -151,6 +153,9 @@ ALTERNATIVE_${PN} =
> "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-co
> > ALTERNATIVE_TARGET[resolv-conf] =
> "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.NetworkManager','',d)}"
> > ALTERNATIVE_LINK_NAME[resolv-conf] =
> "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
> >
> > +# Issue introduced in 1.26
> > +CVE_CHECK_WHITELIST = "CVE-2021-20297 "
> > +
> > do_install_append() {
> > install -Dm 0755 ${WORKDIR}/${BPN}.initd
> ${D}${sysconfdir}/init.d/network-manager
> >
> > --
> > 2.33.0
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#157821):
> https://lists.openembedded.org/g/openembedded-core/message/157821
> > Mute This Topic: https://lists.openembedded.org/mt/86786130/3617601
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> sakoman@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>
[-- Attachment #2: Type: text/html, Size: 9592 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-11-03 15:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-03 7:20 [dunfell][meta-oe][PATCH] networkmanager: update to 1.22.16 Marta Rybczynska
2021-11-03 15:13 ` [OE-core] " Steve Sakoman
2021-11-03 15:26 ` Marta Rybczynska
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.