* [PATCH 1/4] gnutls: Backport certificate check fix
2016-10-10 8:34 [PATCH 0/4] flex & gnutls fixes Jussi Kukkonen
@ 2016-10-10 8:30 ` Jussi Kukkonen
2016-10-10 8:30 ` [PATCH 2/4] flex: Update upstream check uri Jussi Kukkonen
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Jussi Kukkonen @ 2016-10-10 8:30 UTC (permalink / raw)
To: openembedded-core
Previously the OCSP certificate check wouldn't verify the serial
length and could succeed in cases it shouldn't (CVE-2016-7444).
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
.../gnutls/gnutls/CVE-2016-7444.patch | 35 ++++++++++++++++++++++
meta/recipes-support/gnutls/gnutls_3.5.3.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
new file mode 100644
index 0000000..215be5a
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
@@ -0,0 +1,35 @@
+CVE: CVE-2016-7444
+Upstream-Status: Backport
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+
+Upstream commit follows:
+
+
+From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sat, 27 Aug 2016 17:00:22 +0200
+Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP response
+
+Previously the OCSP certificate check wouldn't verify the serial length
+and could succeed in cases it shouldn't.
+
+Reported by Stefan Buehler.
+---
+ lib/x509/ocsp.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
+index 92db9b6..8181f2e 100644
+--- a/lib/x509/ocsp.c
++++ b/lib/x509/ocsp.c
+@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+ gnutls_assert();
+ goto cleanup;
+ }
++ cserial.size = t;
+
+ if (rserial.size != cserial.size
+ || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
+--
+libgit2 0.24.0
+
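Review bot: The `Upstream-Status: Backport` tag at the top of the new patch file does not say which upstream GnuTLS release first carries commit 964632f37dfdfb914ebc5e49db4fa29af35b1de9, so whoever upgrades the recipe past 3.5.3 has to look that up before the patch can be dropped. Consider `Upstream-Status: Backport [<release that contains the fix>]`. The fix itself is the single `cserial.size = t;` assignment ahead of the `rserial.size != cserial.size` comparison; the call that sets `t` is outside the quoted context, so one sentence in the header saying what `t` holds at that point would let the backport be reviewed without opening lib/x509/ocsp.c.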
diff --git a/meta/recipes-support/gnutls/gnutls_3.5.3.bb b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
index 8317eb4..b2dbb07 100644
--- a/meta/recipes-support/gnutls/gnutls_3.5.3.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
@@ -4,6 +4,7 @@ SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
file://0001-configure.ac-fix-sed-command.patch \
file://use-pkg-config-to-locate-zlib.patch \
file://0001-Use-correct-include-dir-with-minitasn.patch \
+ file://CVE-2016-7444.patch \
"
SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
SRC_URI[sha256sum] = "92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"
--
2.1.4
* [PATCH 2/4] flex: Update upstream check uri
From: Jussi Kukkonen @ 2016-10-10 8:30 UTC (permalink / raw)
To: openembedded-core
Flex has moved to github, update UPSTREAM_CHECK_URI.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
meta/recipes-devtools/flex/flex_2.6.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb b/meta/recipes-devtools/flex/flex_2.6.0.bb
index db2cf1c..3a45752 100644
--- a/meta/recipes-devtools/flex/flex_2.6.0.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.0.bb
@@ -21,6 +21,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/flex/flex-${PV}.tar.bz2 \
SRC_URI[md5sum] = "266270f13c48ed043d95648075084d59"
SRC_URI[sha256sum] = "24e611ef5a4703a191012f80c1027dc9d12555183ce0ecd46f3636e587e9b8e9"
+# Flex has moved to github from 2.6.1 onwards
+UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases"
UPSTREAM_CHECK_REGEX = "flex-(?P<pver>\d+(\.\d+)+)\.tar"
inherit autotools gettext texinfo ptest
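Review bot: `UPSTREAM_CHECK_REGEX` stays as `flex-(?P<pver>\d+(\.\d+)+)\.tar` while `UPSTREAM_CHECK_URI` now points at the GitHub releases page; please confirm that the regex still matches the tarball links on that page and mention in the commit message that the upstream version check was run against it. The added comment says the move applies from 2.6.1 onwards, which fits `SRC_URI` still using `${SOURCEFORGE_MIRROR}` for 2.6.0, so it is worth saying in the same comment that `SRC_URI` needs the matching change at the next version bump.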
--
2.1.4
* [PATCH 3/4] flex: Backport buffer overflow fix
From: Jussi Kukkonen @ 2016-10-10 8:30 UTC (permalink / raw)
To: openembedded-core
Fix a heap-based buffer overflow in yy_get_next_buffer()
(CVE-2016-6354).
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
.../recipes-devtools/flex/flex/CVE-2016-6354.patch | 59 ++++++++++++++++++++++
meta/recipes-devtools/flex/flex_2.6.0.bb | 1 +
2 files changed, 60 insertions(+)
create mode 100644 meta/recipes-devtools/flex/flex/CVE-2016-6354.patch
diff --git a/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch
new file mode 100644
index 0000000..216ac7a
--- /dev/null
+++ b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch
@@ -0,0 +1,59 @@
+From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Fri, 7 Oct 2016 14:15:38 +0300
+Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer
+
+This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466
+with some additional backporting to make binutils build again.
+
+Upstream-Status: Backport
+CVE: CVE-2016-6354
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ src/flex.skl | 2 +-
+ src/scan.c | 2 +-
+ src/skel.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/flex.skl b/src/flex.skl
+index ed71627..814d562 100644
+--- a/src/flex.skl
++++ b/src/flex.skl
+@@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer()
+
+ else
+ {
+- yy_size_t num_to_read =
++ int num_to_read =
+ YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+ while ( num_to_read <= 0 )
+diff --git a/src/scan.c b/src/scan.c
+index f1dce75..1949872 100644
+--- a/src/scan.c
++++ b/src/scan.c
+@@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void)
+
+ else
+ {
+- yy_size_t num_to_read =
++ int num_to_read =
+ YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+ while ( num_to_read <= 0 )
+diff --git a/src/skel.c b/src/skel.c
+index 26cc889..0344d18 100644
+--- a/src/skel.c
++++ b/src/skel.c
+@@ -1929,7 +1929,7 @@ const char *skel[] = {
+ "",
+ " else",
+ " {",
+- " yy_size_t num_to_read =",
++ " int num_to_read =",
+ " YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;",
+ "",
+ " while ( num_to_read <= 0 )",
+--
+2.1.4
+
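Review bot: The patch header says this is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466 "with some additional backporting to make binutils build again", but it does not say which of the three changes (src/flex.skl, src/scan.c, src/skel.c) come from that commit and which are the extra part, or what the binutils build failure was. Please itemise that in the header so the backport can be compared against upstream. It would also help to state why the type change is the fix: with `int num_to_read` the `while ( num_to_read <= 0 )` test can see a negative result of `yy_buf_size - number_to_move - 1`, which an unsigned `yy_size_t` cannot represent.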
diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb b/meta/recipes-devtools/flex/flex_2.6.0.bb
index 3a45752..ab35b09 100644
--- a/meta/recipes-devtools/flex/flex_2.6.0.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.0.bb
@@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/flex/flex-${PV}.tar.bz2 \
file://do_not_create_pdf_doc.patch \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0002-avoid-c-comments-in-c-code-fails-with-gcc-6.patch \
+ file://CVE-2016-6354.patch \
${@bb.utils.contains('PTEST_ENABLED', '1', '', 'file://disable-tests.patch', d)} \
"
--
2.1.4
* [PATCH 4/4] depexp: Close UI with error message on NoProvider event
From: Jussi Kukkonen @ 2016-10-10 8:30 UTC (permalink / raw)
To: openembedded-core
Without this the UI just sits there doing nothing. Showing an
infobar in-UI would be nicer but not much more useful since currently
user couldn't do anything in-UI to fix the situation. Implementation
is based on the one in knotty.
Fixes [YOCTO #9288]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
bitbake/lib/bb/ui/depexp.py | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/bitbake/lib/bb/ui/depexp.py b/bitbake/lib/bb/ui/depexp.py
index 995703d..d879e04 100644
--- a/bitbake/lib/bb/ui/depexp.py
+++ b/bitbake/lib/bb/ui/depexp.py
@@ -301,6 +301,30 @@ def main(server, eventHandler, params):
if isinstance(event, bb.command.CommandCompleted):
continue
+ if isinstance(event, bb.event.NoProvider):
+ if event._runtime:
+ r = "R"
+ else:
+ r = ""
+
+ extra = ''
+ if not event._reasons:
+ if event._close_matches:
+ extra = ". Close matches:\n %s" % '\n '.join(event._close_matches)
+
+ if event._dependees:
+ print("Nothing %sPROVIDES '%s' (but %s %sDEPENDS on or otherwise requires it)%s" % r, event._item, ", ".join(event._dependees), r, extra)
+ else:
+ print("Nothing %sPROVIDES '%s'%s" % (r, event._item, extra))
+ if event._reasons:
+ for reason in event._reasons:
+ print(reason)
+
+ _, error = server.runCommand(["stateShutdown"])
+ if error:
+ print('Unable to cleanly shutdown: %s' % error)
+ break
+
if isinstance(event, bb.command.CommandFailed):
print("Command execution failed: %s" % event.error)
return event.exitcode
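Review bot: In the `if event._dependees:` branch the format arguments are not wrapped in a tuple: `print("Nothing %sPROVIDES '%s' (but %s %sDEPENDS on or otherwise requires it)%s" % r, event._item, ...)` applies `%` to `r` alone, so a format string with five placeholders receives one argument and raises TypeError instead of printing the message. Wrap the arguments in parentheses, as the `else` branch already does with `% (r, event._item, extra)`. Separately, this branch ends in `break` while the `CommandFailed` handler just below returns `event.exitcode`; if a NoProvider exit is meant to be reported as a failure, the code after the loop has to return a non-zero value, and that is not visible in this hunk.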
--
2.1.4