[yocto-security] [OE-core CVE] branch sumo updated. 2018-04-448-ga5dcf0c

cve-notice at lists.openembedded.org
Sun Mar 24 09:50:17 PDT 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, sumo has been updated
       via  a5dcf0c4bd9a0be2f2484b0b1b3e77f1f2128dfc (commit)
       via  342157b135e7493e5965b706ede93bee190fbe32 (commit)
       via  607350d98aa4c65b71fe1f10900e205fad81d1ec (commit)
       via  10fa35a75617e82650b12d3e353a554f05f036dd (commit)
       via  da41e48567eb21a47426a6fbe23ea07ce780cd3c (commit)
       via  ddbe969d0c9052a3ae17ef8f1cec8da847c722d3 (commit)
       via  d490839e881f3ff30a4bde8137cb04cb0fd37acd (commit)
       via  3e8ba9af58253ed9db0f0376a8e2966e45ee089e (commit)
       via  06bf145cee24b677ab076498fe8399126971bc43 (commit)
       via  665b41d326654235d305649be4be69a1be8dc00b (commit)
       via  dfded083d9456c8d2bb168dbe8e08b2ffb3e1a26 (commit)
       via  85e498a4671426999610d90c87c354d41cfe8443 (commit)
      from  6d56e912fbbaa22830b4da5ab230586a3d15b23e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a5dcf0c4bd9a0be2f2484b0b1b3e77f1f2128dfc
Author: Mingli Yu <Mingli.Yu at windriver.com>
Date:   Wed Feb 13 13:43:28 2019 +0800

    logrotate.py: restore /etc/logrotate.d/wtmp
    
    During the test logrotate.LogrotateTest.test_1_logrotate_setup,
    there is the following logic:
     # mkdir $HOME/logrotate_dir
     # sed -i "s#wtmp {#wtmp {\n    olddir $HOME/logrotate_dir#" /etc/logrotate.d/wtmp
    
    After all logrotate.LogrotateTest tests have finished, only
    $HOME/logrotate_dir is cleaned up, as below, but the config file
    /etc/logrotate.d/wtmp is not restored.
    [snip]
    def tearDownClass(cls):
        cls.tc.target.run('rm -rf $HOME/logrotate_dir')
    [snip]
    
    That is to say, one additional line is left in
    /etc/logrotate.d/wtmp, which makes the logrotate
    service fail to start when running systemd.SystemdBasicTests.test_systemd_failed.
    
    For example, when running the test as root:
     # cat /etc/logrotate.d/wtmp
     # no packages own wtmp -- we'll rotate it here
     /var/log/wtmp {
        olddir /root/logrotate_dir
        missingok
        monthly
        create 0664 root utmp
        minsize 1M
        rotate 1
     }
    
     # ls /root/logrotate_dir
     ls: cannot access '/root/logrotate_dir': No such file or directory
    
     # systemctl start logrotate
     Job for logrotate.service failed because the control process exited with error code.
     See "systemctl status logrotate.service" and "journalctl -xe" for details.
    
     # systemctl status logrotate
      logrotate.service - Rotate log files
       Loaded: loaded (/lib/systemd/system/logrotate.service; static; vendor preset>
       Active: failed (Result: exit-code) since Wed 2019-02-13 03:35:19 UTC; 7s ago
         Docs: man:logrotate(8)
               man:logrotate.conf(5)
       Process: 540 ExecStart=/usr/sbin/logrotate /etc/logrotate.conf (code=exited, status=1/FAILURE)
       Main PID: 540 (code=exited, status=1/FAILURE)
    
      Feb 13 03:35:18 qemumips systemd[1]: Starting Rotate log files...
      Feb 13 03:35:19 qemumips logrotate[540]: error: wtmp:9 error verifying olddir path /root/logrotate_dir: No such file or directory
      Feb 13 03:35:19 qemumips logrotate[540]: error: found error in file wtmp, skipping
      Feb 13 03:35:19 qemumips systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE
      Feb 13 03:35:19 qemumips systemd[1]: logrotate.service: Failed with result 'exit-code'.
      Feb 13 03:35:19 qemumips systemd[1]: Failed to start Rotate log files.
    
    Add the logic to restore /etc/logrotate.d/wtmp to
    make the cleanup complete to fix the above issue.
    
    (From OE-Core rev: a2db9320d97d12d87524ff16a329f9c38a8da33f)
    
    Signed-off-by: Mingli Yu <Mingli.Yu at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
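The fix above is about test hygiene: a fixture that edits a system config file must put the original back, or a later test inherits a config pointing at a directory that no longer exists. The following is an added example (not the OE-Core logrotate.py test) that shows the same setup/mutate/cleanup sequence against a local temporary directory standing in for the target board; the wtmp config text and the ConfigGuard helper are constructed here, and the dangling-olddir check mirrors the "error verifying olddir path" failure logrotate reports in the log above.

```python
"""Back up a config file before a test mutates it and restore it on cleanup.

Added example, not the OE-Core test: the remote target is replaced by a
temp directory, and the config text below is a constructed stand-in for
/etc/logrotate.d/wtmp.
"""
import os
import shutil
import tempfile

# Constructed stand-in for /etc/logrotate.d/wtmp (assumption, not the real file).
WTMP_CONF = """# no packages own wtmp -- we'll rotate it here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}
"""


class ConfigGuard:
    """Snapshot a file on enter; put the original bytes back on exit."""

    def __init__(self, path):
        self.path = path
        self.backup = path + ".orig"

    def __enter__(self):
        shutil.copy2(self.path, self.backup)
        return self

    def __exit__(self, *exc):
        # Runs even if the test body raised, so the config is always restored.
        shutil.move(self.backup, self.path)
        return False


def add_olddir(conf_path, olddir):
    """Same edit the test's sed command makes: insert 'olddir <dir>' after 'wtmp {'."""
    with open(conf_path) as f:
        text = f.read()
    text = text.replace("wtmp {", "wtmp {\n    olddir " + olddir, 1)
    with open(conf_path, "w") as f:
        f.write(text)


def find_dangling_olddir(conf_path):
    """Return every olddir path in the config that does not exist on disk.

    logrotate rejects the whole stanza ("error verifying olddir path")
    when olddir is missing, which is what breaks the service in the log.
    """
    missing = []
    with open(conf_path) as f:
        for line in f:
            parts = line.split()
            if len(parts) == 2 and parts[0] == "olddir" and not os.path.isdir(parts[1]):
                missing.append(parts[1])
    return missing


def simulate_test_run(restore_config):
    """Run setup -> mutate -> cleanup and return the dangling olddirs left behind.

    restore_config=False mirrors the old tearDownClass, which only removed
    $HOME/logrotate_dir; True mirrors the fix, which also restores the config.
    """
    root = tempfile.mkdtemp()
    try:
        conf = os.path.join(root, "wtmp")
        with open(conf, "w") as f:
            f.write(WTMP_CONF)
        olddir = os.path.join(root, "logrotate_dir")
        os.mkdir(olddir)                      # mkdir $HOME/logrotate_dir
        if restore_config:
            with ConfigGuard(conf):
                add_olddir(conf, olddir)      # sed -i ... /etc/logrotate.d/wtmp
                shutil.rmtree(olddir)         # rm -rf $HOME/logrotate_dir
        else:
            add_olddir(conf, olddir)
            shutil.rmtree(olddir)
        return find_dangling_olddir(conf)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print("old cleanup leaves dangling olddir:", simulate_test_run(False))
    print("new cleanup leaves dangling olddir:", simulate_test_run(True))
```

With the old cleanup the config still names a directory that was just deleted, which is exactly the state the log above shows; with the guard in place the config is byte-identical to what it was before the test ran.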

commit 342157b135e7493e5965b706ede93bee190fbe32
Author: George McCollister <george.mccollister at gmail.com>
Date:   Mon Feb 25 10:37:13 2019 -0600

    systemd: fix CVE-2019-6454
    
    Apply patches from systemd_237-3ubuntu10.13 to fix CVE-2019-6454.
    CVE-2019-6454 is an issue in which systemd (PID1) can be crashed
    with a specially formed D-Bus message.
    
    For information see:
    https://usn.ubuntu.com/3891-1/
    https://git.launchpad.net/ubuntu/+source/systemd/commit/?h=applied/ubuntu/bionic-updates&id=d7584b894afcaa8a4a1abb69db2a9c81a6276e80
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>

commit 607350d98aa4c65b71fe1f10900e205fad81d1ec
Author: George McCollister <george.mccollister at gmail.com>
Date:   Mon Feb 25 10:37:12 2019 -0600

    systemd: fix CVE-2018-6954
    
    Apply patches to fix CVE-2018-6954
    
    NVD description from https://nvd.nist.gov/vuln/detail/CVE-2018-6954
    
    systemd-tmpfiles in systemd through 237 mishandles symlinks present in
    non-terminal path components, which allows local users to obtain
    ownership of arbitrary files via vectors involving creation of a
    directory and a file under that directory, and later replacing that
    directory with a symlink. This occurs even if the fs.protected_symlinks
    sysctl is turned on.
    
    Patches from systemd_237-3ubuntu10.13.debian.
    
    These patches shouldn't be required on newer OE releases since they use
    systemd v239 or higher.
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>
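The NVD text describes a classic TOCTOU-by-symlink pattern: a privileged program resolves a path component by component, and an unprivileged user swaps one of the intermediate directories for a symlink between the check and the use. The mitigation the patch file names ("don't resolve pathnames when traversing") is to walk the tree with directory file descriptors and O_NOFOLLOW, so a symlink anywhere in the path is refused instead of followed. The following is an added example of that technique, not systemd's or the patch's own code: a generic relative-path opener, plus a constructed fixture (a real directory next to a symlink to it) that shows the honest path opening and the symlinked path failing with ELOOP.

```c
/* Added example, not systemd code: open a relative path beneath a directory fd
 * without following a symlink in any component. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk `rel` one component at a time, each step relative to the fd of the
 * previous one. Returns an fd for the last component, or -1 with errno set;
 * errno is ELOOP when any component turns out to be a symlink. */
int open_no_symlink_components(int dirfd, const char *rel)
{
    char buf[4096];
    if (strlen(rel) >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, rel);

    int cur = dup(dirfd);
    if (cur < 0) return -1;

    char *save = NULL;
    for (char *comp = strtok_r(buf, "/", &save); comp; comp = strtok_r(NULL, "/", &save)) {
        /* O_NOFOLLOW makes openat() fail with ELOOP on a symlink instead of
         * silently jumping to wherever the link points. Opening relative to
         * `cur` means a rename of an earlier component cannot redirect us. */
        int next = openat(cur, comp, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
        int saved = errno;
        close(cur);
        if (next < 0) { errno = saved; return -1; }
        cur = next;
    }
    return cur;
}

/* Constructed fixture in a fresh temp dir:  real/sub/ (dirs), link -> real.
 * Returns an fd for the temp dir (its path is written to path_out), or -1. */
int build_fixture(char *path_out, size_t n)
{
    char tmpl[] = "/tmp/nofollow-XXXXXX";
    if (!mkdtemp(tmpl)) return -1;
    snprintf(path_out, n, "%s", tmpl);
    int base = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (base < 0) return -1;
    if (mkdirat(base, "real", 0700) < 0 ||
        mkdirat(base, "real/sub", 0700) < 0 ||
        symlinkat("real", base, "link") < 0) {
        close(base);
        return -1;
    }
    return base;
}

/* Returns 1 when the traversal behaves as intended on the fixture:
 * "real/sub" opens, "link/sub" is refused with ELOOP. */
int demo(void)
{
    char dir[64];
    int base = build_fixture(dir, sizeof dir);
    if (base < 0) return 0;

    int ok_fd = open_no_symlink_components(base, "real/sub");
    int bad_fd = open_no_symlink_components(base, "link/sub");
    int bad_errno = errno;
    int result = ok_fd >= 0 && bad_fd < 0 && bad_errno == ELOOP;

    if (ok_fd >= 0) close(ok_fd);
    /* Remove the constructed fixture again. */
    unlinkat(base, "link", 0);
    unlinkat(base, "real/sub", AT_REMOVEDIR);
    unlinkat(base, "real", AT_REMOVEDIR);
    close(base);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("symlink in intermediate component refused: %s\n", demo() ? "yes" : "no");
    return demo() ? 0 : 1;
}
```

The same idea carries over to the operation that follows the open: once you hold an fd for the final component, use the fd-based call (fchown, fchmod, fstat) on it rather than re-resolving the path string, since the path can be changed underneath you between the two calls even when fs.protected_symlinks is on.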

commit 10fa35a75617e82650b12d3e353a554f05f036dd
Author: Marcus Cooper <marcus.cooper at axis.com>
Date:   Mon Feb 25 10:37:11 2019 -0600

    systemd: Security fix CVE-2018-16866
    
    Affects < v240
    
    Signed-off-by: Marcus Cooper <marcusc at axis.com>
    
    From v2 patch on openembedded-core at lists.openembedded.org
    Increased file name number from 0026 to 0027.
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>

commit da41e48567eb21a47426a6fbe23ea07ce780cd3c
Author: George McCollister <george.mccollister at gmail.com>
Date:   Mon Feb 25 10:37:10 2019 -0600

    systemd: Security fix CVE-2018-16865
    
    Affects < v240
    
    Based on thud commit d5d2b821fc85b8cf39f683061ac2a45bddd2139f
    The second patch in the thud commit doesn't apply against 237. Use the
    version of the second patch CVE-2018-16865_2.patch from
    systemd_237-3ubuntu10.13.debian.
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>

commit ddbe969d0c9052a3ae17ef8f1cec8da847c722d3
Author: George McCollister <george.mccollister at gmail.com>
Date:   Mon Feb 25 10:37:09 2019 -0600

    systemd: Security fix CVE-2018-16864
    
    Affects < v240
    
    Based on thud commit 403e74b07b6f3c4a2444e68c74a8434fb17aee49
    The patch in the thud commit doesn't compile against 237. Use the
    version of this patch, CVE-2018-16864.patch from
    systemd_237-3ubuntu10.13.debian.
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>

commit d490839e881f3ff30a4bde8137cb04cb0fd37acd
Author: Chen Qi <Qi.Chen at windriver.com>
Date:   Mon Feb 25 10:37:08 2019 -0600

    systemd: fix CVE-2018-15688
    
    Backport patch to fix the following CVE.
    
    CVE: CVE-2018-15688
    
    Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    Cherry-picked from thud 13591d7224393dc0ae529a03cdf74aceb3540ce9
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>

commit 3e8ba9af58253ed9db0f0376a8e2966e45ee089e
Author: George McCollister <george.mccollister at gmail.com>
Date:   Mon Feb 25 10:37:07 2019 -0600

    systemd: fix CVE-2018-15687
    
    Backport patch to fix the following CVE.
    
    CVE: CVE-2018-15687
    
    Based on thud commit eeb621aa19f690971caf862290a172a115578ba1
    The patch in the thud commit doesn't compile against 237. Use the
    version of this patch, CVE-2018-15687.patch from
    systemd_237-3ubuntu10.13.debian.
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>

commit 06bf145cee24b677ab076498fe8399126971bc43
Author: Chen Qi <Qi.Chen at windriver.com>
Date:   Mon Feb 25 10:37:06 2019 -0600

    systemd: fix CVE-2018-15686
    
    Backport patch to fix the following CVE.
    
    CVE: CVE-2018-15686
    
    Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    Cherry-picked from thud 0ef70603bc983315eb0e8a97958d995a31198c35
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>

commit 665b41d326654235d305649be4be69a1be8dc00b
Author: ROGEZ Matthieu <matthieu.rogez at fivesgroup.com>
Date:   Mon Feb 11 15:27:43 2019 +0000

    systemd: Fix typo in root home variable.
    
    This regression was introduced while upgrading to version 237
    (commit 906230a73b3ccfa4afd2a19a6b0aa18cd1d5fa08)
    and seems to only affect the sumo version.
    
    Signed-off-by: Matthieu Rogez <matthieu.rogez at fivesgroup.com>

commit dfded083d9456c8d2bb168dbe8e08b2ffb3e1a26
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Tue Jun 5 22:38:39 2018 +0000

    oeqa/runtime/dnf: Fix test error when static libs are enabled
    
    The test works by excluding curl-dev which curl-staticdev depends upon.
    When static libraries aren't disabled, this leads to an odd looking test
    failure.
    
    Simply exclude curl-staticdev as well, in case it's enabled, to make sure
    the test always works.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 85e498a4671426999610d90c87c354d41cfe8443
Author: Stefan Agner <stefan.agner at toradex.com>
Date:   Wed May 16 11:13:51 2018 +0200

    run-postinsts: for dpkg/opkg, do not rely on /etc/*-postinsts
    
    Start opkg/dpkg as soon as the respective package manager's status
    file is present, no matter whether /etc/$pm-postinsts exists. This
    decouples the implicit link between the postinsts scripts in /etc and
    the package manager: currently the package manager is only started
    if those scripts are present, although the package manager does not
    use those scripts at all! Package managers install their own set of
    postinst scripts.
    
    The behavior when using rpm packages stays the same.
    
    Note that using the package manager's capability to execute postinst
    scripts is preferred for good reasons: it makes sure that the
    package manager's database reflects that the packages have been
    completely installed and configured.
    
    This change allows dropping the installation of the postinsts scripts
    when package management is present. This will be done in a separate
    change.
    
    Note: before commit 5aae19959a44 ("rootfs.py: Change logic to
    unistall packages") rootfs.py did not install /etc/$pm-postinsts
    when package management is installed! The change caused YOCTO #8235,
    which led to the behavior change of run-postinsts in the first place.
    
    Signed-off-by: Stefan Agner <stefan.agner at toradex.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 meta/lib/oeqa/runtime/cases/dnf.py                 |    2 +-
 meta/lib/oeqa/runtime/cases/logrotate.py           |    6 +-
 ...sive-let-s-rework-the-recursive-logic-to-.patch |  252 +++
 ...eserializing-state-always-use-read_line-L.patch |  250 +++
 ...sure-we-have-enough-space-for-the-DHCP6-o.patch |   39 +
 ...n-t-resolve-pathnames-when-traversing-rec.patch |  643 +++++++
 .../systemd/systemd/0002-Make-tmpfiles-safe.patch  | 1828 ++++++++++++++++++++
 ...-not-store-the-iovec-entry-for-process-co.patch |  193 +++
 ...ld-set-a-limit-on-the-number-of-fields-1k.patch |   60 +
 ...ote-set-a-limit-on-the-number-of-fields-i.patch |   79 +
 ...nal-fix-out-of-bounds-read-CVE-2018-16866.patch |   49 +
 .../systemd/systemd/CVE-2019-6454.patch            |  210 +++
 ...e-receive-an-invalid-dbus-message-ignore-.patch |   61 +
 meta/recipes-core/systemd/systemd_237.bb           |   13 +-
 .../run-postinsts/run-postinsts/run-postinsts      |   21 +-
 .../run-postinsts/run-postinsts.service            |    1 -
 16 files changed, 3694 insertions(+), 13 deletions(-)
 create mode 100644 meta/recipes-core/systemd/systemd/0001-chown-recursive-let-s-rework-the-recursive-logic-to-.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0001-core-when-deserializing-state-always-use-read_line-L.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0001-tmpfiles-don-t-resolve-pathnames-when-traversing-rec.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0002-Make-tmpfiles-safe.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0024-journald-do-not-store-the-iovec-entry-for-process-co.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields-1k.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0027-journal-fix-out-of-bounds-read-CVE-2018-16866.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-6454.patch
 create mode 100644 meta/recipes-core/systemd/systemd/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch


hooks/post-receive
-- 