Upstream merge (meta-openembedded)

meta-networking/recipes-extended/tgt/files/CVE-2024-45751.patch

@@ -0,0 +1,68 @@
+From abd8e0d987ab56013d360077202bf2aca20a42dd Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <[email protected]>
+Date: Tue, 3 Sep 2024 16:14:58 +0200
+Subject: [PATCH] chap: Use proper entropy source
+
+The challenge sent to the initiator is based on a poor
+source of randomness, it uses rand() without seeding it by srand().
+So the glibc PRNG is always seeded with 1 and as a consequence the
+sequence of challenges is always the same.
+
+An attacker which is able to monitor network traffic can apply a replay
+attack to bypass the CHAP authentication.  All the attacker has to do
+is waiting for the server or the service to restart and replay with a
+previously record CHAP session which fits into the sequence.
+
+To overcome the issue, use getrandom() to query the kernel random
+number generator.
+Also always send a challenge of length CHAP_CHALLENGE_MAX, there is no
+benefit in sending a variable length challenge.
+
+Signed-off-by: Richard Weinberger <[email protected]>
+
+Upstream-Status: Backport [https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd]
+CVE: CVE-2024-45751
+Signed-off-by: Vijay Anusuri <[email protected]>
+---
+ usr/iscsi/chap.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/usr/iscsi/chap.c b/usr/iscsi/chap.c
+index aa0fc671..b89ecabd 100644
+--- a/usr/iscsi/chap.c
++++ b/usr/iscsi/chap.c
+@@ -28,6 +28,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <sys/random.h>
+
+ #include "iscsid.h"
+ #include "tgtd.h"
+@@ -359,22 +360,19 @@ static int chap_initiator_auth_create_challenge(struct iscsi_connection *conn)
+ 	sprintf(text, "%u", (unsigned char)conn->auth.chap.id);
+ 	text_key_add(conn, "CHAP_I", text);
+
+-	/*
+-	 * FIXME: does a random challenge length provide any benefits security-
+-	 * wise, or should we rather always use the max. allowed length of
+-	 * 1024 for the (unencoded) challenge?
+-	 */
+-	conn->auth.chap.challenge_size = (rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
++	conn->auth.chap.challenge_size = CHAP_CHALLENGE_MAX;
+
+ 	conn->auth.chap.challenge = malloc(conn->auth.chap.challenge_size);
+ 	if (!conn->auth.chap.challenge)
+ 		return CHAP_TARGET_ERROR;
+
++	if (getrandom(conn->auth.chap.challenge, conn->auth.chap.challenge_size, 0) != conn->auth.chap.challenge_size)
++		return CHAP_TARGET_ERROR;
++
+ 	p = text;
+ 	strcpy(p, "0x");
+ 	p += 2;
+ 	for (i = 0; i < conn->auth.chap.challenge_size; i++) {
+-		conn->auth.chap.challenge[i] = rand();
+ 		sprintf(p, "%.2hhx", conn->auth.chap.challenge[i]);
+ 		p += 2;
+ 	}

meta-networking/recipes-extended/tgt/tgt_git.bb

@@ -11,6 +11,7 @@ SRC_URI = "git://github.com/fujita/tgt.git;branch=master;protocol=https \
 	file://0001-Correct-the-path-of-header-files-check-in-Yocto-buil.patch \
         file://0001-usr-Makefile-WARNING-fix.patch \
         file://usr-Makefile-apply-LDFLAGS-to-all-executables.patch \
+        file://CVE-2024-45751.patch \
 "
 SRC_URI += "file://tgtd.init \
             file://tgtd.service \

meta-networking/recipes-protocols/frr/frr/CVE-2024-44070.patch

@@ -0,0 +1,69 @@
+From 0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5 Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <[email protected]>
+Date: Wed, 31 Jul 2024 05:56:14 +0000
+Subject: [PATCH] bgpd: Check the actual remaining stream length before taking
+ TLV value ```
+
+    0 0xb50b9f898028 in __sanitizer_print_stack_trace (/home/
+ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/
+bgpd+0x368028) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7)
+    1 0xb50b9f7ed8e4 in fuzzer::PrintStackTrace() (/home/ubuntu/
+frr-public/frr_public_private-libfuzzer/bgpd/.libs/bgpd+0x2bd8e4)
+(BuildId: 3292703ed7958b20076550c967f879db8dc27ca7)
+    2 0xb50b9f7d4d9c in fuzzer::Fuzzer::CrashCallback() (/home/
+ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/
+bgpd+0x2a4d9c) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7)
+    3 0xe0d12d7469cc  (linux-vdso.so.1+0x9cc) (BuildId:
+1a77697e9d723fe22246cfd7641b140c427b7e11)
+    4 0xe0d12c88f1fc in __pthread_kill_implementation nptl/
+pthread_kill.c:43:17
+    5 0xe0d12c84a678 in gsignal signal/../sysdeps/posix/raise.c:26:13
+    6 0xe0d12c83712c in abort stdlib/abort.c:79:7
+    7 0xe0d12d214724 in _zlog_assert_failed /home/ubuntu/frr-public/
+frr_public_private-libfuzzer/lib/zlog.c:789:2
+    8 0xe0d12d1285e4 in stream_get /home/ubuntu/frr-public/
+frr_public_private-libfuzzer/lib/stream.c:324:3
+    9 0xb50b9f8e47c4 in bgp_attr_encap /home/ubuntu/frr-public/
+frr_public_private-libfuzzer/bgpd/bgp_attr.c:2758:3
+    10 0xb50b9f8dcd38 in bgp_attr_parse /home/ubuntu/frr-public/
+frr_public_private-libfuzzer/bgpd/bgp_attr.c:3783:10
+    11 0xb50b9faf74b4 in bgp_update_receive /home/ubuntu/frr-public/
+frr_public_private-libfuzzer/bgpd/bgp_packet.c:2383:20
+    12 0xb50b9faf1dcc in bgp_process_packet /home/ubuntu/frr-public/
+frr_public_private-libfuzzer/bgpd/bgp_packet.c:4075:11
+    13 0xb50b9f8c90d0 in LLVMFuzzerTestOneInput /home/ubuntu/frr-public/
+frr_public_private-libfuzzer/bgpd/bgp_main.c:582:3
+```
+
+Reported-by: Iggy Frankovic <[email protected]>
+Signed-off-by: Donatas Abraitis <[email protected]>
+
+CVE: CVE-2024-44070
+Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5]
+
+Signed-off-by: Yogita Urade <[email protected]>
+---
+ bgpd/bgp_attr.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index 1e08a218e..ef45d5c46 100644
+--- a/bgpd/bgp_attr.c
++++ b/bgpd/bgp_attr.c
+@@ -2475,6 +2475,14 @@ static int bgp_attr_encap(struct bgp_attr_parser_args *args)
+						  args->total);
+		}
+
++		if (STREAM_READABLE(BGP_INPUT(peer)) < sublength) {
++			zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining stream length %zu",
++				 sublength, STREAM_READABLE(BGP_INPUT(peer)));
++			return bgp_attr_malformed(args,
++						  BGP_NOTIFY_UPDATE_OPT_ATTR_ERR,
++						  args->total);
++		}
++
+		/* alloc and copy sub-tlv */
+		/* TBD make sure these are freed when attributes are released */
+		tlv = XCALLOC(MTYPE_ENCAP_TLV,
+--
+2.40.0

meta-networking/recipes-protocols/frr/frr_8.2.2.bb

@@ -28,6 +28,7 @@ SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \
            file://CVE-2023-47234.patch \
            file://CVE-2023-47235.patch \
            file://frr.pam \
+           file://CVE-2024-44070.patch\
 	      "
 
 SRCREV = "79188bf710e92acf42fb5b9b0a2e9593a5ee9b05"

meta-oe/recipes-dbs/rocksdb/files/run-ptest

@@ -0,0 +1,12 @@
+#!/bin/sh
+ptestdir=$(dirname "$(readlink -f "$0")")
+cd "$ptestdir"/tests || exit
+
+for test in *_test; do
+    if ./${test} >/dev/null 2>&1; then
+        echo "PASS: ${test}"
+    else
+        echo "FAIL: ${test}"
+    fi
+done
+

meta-oe/recipes-dbs/rocksdb/rocksdb_6.20.3.bb

@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/facebook/${BPN}.git;branch=${SRCBRANCH};protocol=htt
            file://ppc64.patch \
            file://mips.patch \
            file://arm.patch \
+           file://run-ptest \
           "
 
 SRC_URI:append:riscv32 = " file://0001-replace-old-sync-with-new-atomic-builtin-equivalents.patch"
@@ -27,7 +28,7 @@ SRC_URI:remove:toolchain-clang:riscv32 = "file://0001-replace-old-sync-with-new-
 
 S = "${WORKDIR}/git"
 
-inherit cmake
+inherit cmake ptest
 
 PACKAGECONFIG ??= "bzip2 zlib lz4 gflags"
 PACKAGECONFIG[bzip2] = "-DWITH_BZ2=ON,-DWITH_BZ2=OFF,bzip2"
@@ -40,7 +41,7 @@ PACKAGECONFIG[gflags] = "-DWITH_GFLAGS=ON,-DWITH_GFLAGS=OFF,gflags"
 # Tools and tests currently don't compile on armv5 so we disable them
 EXTRA_OECMAKE = "\
     -DPORTABLE=ON \
-    -DWITH_TESTS=OFF \
+    -DWITH_TESTS=${@bb.utils.contains("DISTRO_FEATURES", "ptest", "ON", "OFF", d)} \
     -DWITH_BENCHMARK_TOOLS=OFF \
     -DWITH_TOOLS=OFF \
     -DFAIL_ON_WARNINGS=OFF \
@@ -52,7 +53,21 @@ do_install:append() {
 }
 
 LDFLAGS:append:riscv64 = " -pthread"
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}/tests
+    # only cover the basic test as all the tests need to take about 6 hours
+    # time ./run-ptest
+    # real    356m32.956s
+    # user    252m32.004s
+    # sys 178m50.246s
+    install -m 0755 ${B}/env_basic_test ${D}${PTEST_PATH}/tests/
+    install -m 0755 ${B}/db_basic_test ${D}${PTEST_PATH}/tests/
+    install -m 0755 ${B}/arena_test ${D}${PTEST_PATH}/tests/
+    install -m 0755 ${B}/testutil_test ${D}${PTEST_PATH}/tests/
+    install -m 0755 ${B}/cache_test ${D}${PTEST_PATH}/tests/
+}
 
 # Need toku_time_now() implemented for ppc/musl
 # see utilities/transactions/lock/range/range_tree/lib/portability/toku_time.h
 COMPATIBLE_HOST:libc-musl:powerpc = "null"
+COMPATIBLE_HOST:armv5 = 'null'

meta-oe/recipes-devtools/android-tools/android-tools/android-tools-adbd.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=Android Debug Bridge
-ConditionPathExists=/var/usb-debugging-enabled
+ConditionPathExists=/etc/usb-debugging-enabled
 Before=android-system.service
 
 [Service]

meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb

@@ -184,7 +184,7 @@ FILES:${PN}-fstools = "\
 BBCLASSEXTEND = "native"
 
 android_tools_enable_devmode() {
-    touch ${IMAGE_ROOTFS}/var/usb-debugging-enabled
+    touch ${IMAGE_ROOTFS}/etc/usb-debugging-enabled
 }
 
 ROOTFS_POSTPROCESS_COMMAND_${PN}-adbd += "${@bb.utils.contains("USB_DEBUGGING_ENABLED", "1", "android_tools_enable_devmode;", "", d)}"

meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb → meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb

@@ -6,7 +6,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0"
 
 SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https"
-SRCREV = "87d8f0961a01bf09bef98ff89bae9fdec42181ee"
+SRCREV = "acc76239bee01d8e9c858ae2cab296704e52d916"
 
 S = "${WORKDIR}/git"
 

meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb

@@ -12,7 +12,7 @@ SRC_URI = "git://github.com/mirror/xmlrpc-c.git;branch=master;protocol=https \
            "
 
 #Release 1.54.02
-SRCREV = "86405c7e1bd4f70287204a28d242a1054daab520"
+SRCREV = "36b142d6179514989a44c1087f6c46182dafd21f"
 
 S = "${WORKDIR}/git/stable"
 

meta-oe/recipes-multimedia/sound-themes/sound-theme-freedesktop_0.8.bb

@@ -11,6 +11,6 @@ inherit autotools gettext
 
 DEPENDS += "glib-2.0-native"
 
-SRC_URI = "http://people.freedesktop.org/~mccann/dist/${BPN}-${PV}.tar.bz2"
+SRC_URI = "https://people.freedesktop.org/~mccann/dist/${BPN}-${PV}.tar.bz2"
 SRC_URI[md5sum] = "d7387912cfd275282d1ec94483cb2f62"
 SRC_URI[sha256sum] = "cb518b20eef05ec2e82dda1fa89a292c1760dc023aba91b8aa69bafac85e8a14"

meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb

@@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.GPL;md5=5f6e72824f5da505c1f4a7197f004b45 \
 
 inherit siteinfo autotools-brokensep ptest
 
-SRC_URI = "http://people.redhat.com/dhowells/keyutils/${BP}.tar.bz2 \
+SRC_URI = "https://people.redhat.com/dhowells/keyutils/${BP}.tar.bz2 \
            file://keyutils-test-fix-output-format.patch \
            file://keyutils-fix-error-report-by-adding-default-message.patch \
            file://run-ptest \

meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb

@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LGPL;md5=2d5025d4aa3495befef8f17206a5b0a1"
 DEPENDS = "udev"
 
 SRCREV = "de6258940960443038b4c1651dfda3620075e870"
-SRC_URI = "git://git.0pointer.de/libatasmart.git;branch=master \
+SRC_URI = "git://git.0pointer.net/libatasmart.git;branch=master;protocol=https \
            file://0001-Makefile.am-add-CFLAGS-and-LDFLAGS-definiton.patch \
 "
 

meta-oe/recipes-support/lvm2/libdevmapper_2.03.11.bb

@@ -5,6 +5,8 @@ require lvm2.inc
 
 DEPENDS += "autoconf-archive-native"
 
+inherit nopackages
+
 TARGET_CC_ARCH += "${LDFLAGS}"
 
 do_install() {