[oe] [meta-oe] [PATCH] phpmyadmin: CVE-2015-8669
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12,
4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers
to obtain sensitive information via a crafted request, which reveals
the full path in an error message.
This patch is from
https://github.com/phpmyadmin/phpmyadmin/commit/c4d649325b25139d7c097e56e2e46cc7187fae45
Signed-off-by: Jian Liu
---
.../phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch | 16
.../recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb | 4 +++-
2 files changed, 19 insertions(+), 1 deletion(-)
create mode 100644
meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
diff --git
a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
new file mode 100644
index 000..c19996f
--- /dev/null
+++
b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
@@ -0,0 +1,18 @@
+[Security] Path disclosure, see PMASA-2015-6
+
+Upstream-Status: Bacport
+
+Signed-off-by: Marc Delisle
+
+diff -Nur
phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php
phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php
+--- phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php
2016-01-20 15:11:15.410106888 +0800
phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php
2016-01-20 15:14:05.758108076 +0800
+@@ -11,7 +11,7 @@
+ */
+
+ if (!function_exists('__')) {
+-PMA_fatalError('Bad invocation!');
++exit();
+ }
+
+ $strConfigAllowArbitraryServer_desc = __(
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
index 9297d0c..b8faf12 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM =
"file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI =
"https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz
\
file://Port-content-spoofing-fix-CVE-2015-7873.patch \
- file://apache.conf"
+ file://apache.conf \
+ file://phpmyadmin-CVE-2015-8669.patch \
+"
SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"
SRC_URI[sha256sum] =
"d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec"
--
1.9.1
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] php: uninitialized pointer in phar_make_dirstream()
CVE-2015-7804:
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c
in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers
to cause a denial of service (uninitialized pointer dereference and
application crash) by including the / filename in a .zip PHAR archive.
This patch is from
http://git.php.net/?p=php-src.git;a=commitdiff;\
h=1ddf72180a52d247db88ea42a3e35f824a8fbda1;hp=f98ab19dc0c978e3caaa2614579e4a61f2c317f5
Signed-off-by: Jian Liu
---
.../php/php-5.6.12/php-CVE-2015-7804.patch | 35 ++
meta-oe/recipes-devtools/php/php.inc | 1 +
2 files changed, 36 insertions(+)
create mode 100644
meta-oe/recipes-devtools/php/php-5.6.12/php-CVE-2015-7804.patch
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/php-CVE-2015-7804.patch
b/meta-oe/recipes-devtools/php/php-5.6.12/php-CVE-2015-7804.patch
new file mode 100644
index 000..248d1d1
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php-5.6.12/php-CVE-2015-7804.patch
@@ -0,0 +1,35 @@
+FIx bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry
filename is "/"
+
+Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c
+in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers
+to cause a denial of service (uninitialized pointer dereference and
+application crash) by including the / filename in a .zip PHAR archive.
+
+Written-by: Stanislav Malyshev
+
+diff -Nur php-5.6.12.orig/ext/phar/util.c php-5.6.12/ext/phar/util.c
+--- php-5.6.12.orig/ext/phar/util.c2015-12-16 18:51:51.603455462 +0800
php-5.6.12/ext/phar/util.c 2015-12-16 18:53:43.483456242 +0800
+@@ -1969,7 +1969,7 @@
+
+ while ((s = zend_memrchr(filename, '/', filename_len))) {
+ filename_len = s - filename;
+- if (FAILURE == zend_hash_add_empty_element(&phar->virtual_dirs,
filename, filename_len)) {
++ if (!filename_len || FAILURE ==
zend_hash_add_empty_element(&phar->virtual_dirs, filename, filename_len)) {
+ break;
+ }
+ }
+diff -Nur php-5.6.12.orig/ext/phar/zip.c php-5.6.12/ext/phar/zip.c
+--- php-5.6.12.orig/ext/phar/zip.c 2015-12-16 18:51:51.603455462 +0800
php-5.6.12/ext/phar/zip.c 2015-12-16 18:54:39.667456634 +0800
+@@ -396,7 +396,9 @@
+
+ if (entry.filename[entry.filename_len - 1] == '/') {
+ entry.is_dir = 1;
+- entry.filename_len--;
++ if(entry.filename_len > 1) {
++ entry.filename_len--;
++ }
+ entry.flags |= PHAR_ENT_PERM_DEF_DIR;
+ } else {
+ entry.is_dir = 0;
diff --git a/meta-oe/recipes-devtools/php/php.inc
b/meta-oe/recipes-devtools/php/php.inc
index 4aa9c3f..d0c596c 100644
--- a/meta-oe/recipes-devtools/php/php.inc
+++ b/meta-oe/recipes-devtools/php/php.inc
@@ -15,6 +15,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \
file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
file://php-CVE-2015-7803.patch \
+ file://php-CVE-2015-7804.patch \
"
SRC_URI_append_class-target += " \
--
1.9.1
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-oe] php: NULL pointer dereference in phar_get_fp_offset()
CVE-2015-7803:
The phar_get_entry_data function in ext/phar/util.c in PHP
before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers
to cause a denial of service (NULL pointer dereference and
application crash) via a .phar file with a crafted TAR archive
entry in which the Link indicator references a file that does
not exist.
This patch is from
http://git.php.net/?p=php-src.git;a=commitdiff;\
h=d698f0ae51f67c9cce870b09c59df3d6ba959244;hp=bb98ed600ab6787d9d367927d49439be9a83441e
Signed-off-by: Jian Liu
---
.../php/php-5.6.12/php-CVE-2015-7803.patch | 72 ++
meta-oe/recipes-devtools/php/php.inc | 1 +
2 files changed, 73 insertions(+)
create mode 100644
meta-oe/recipes-devtools/php/php-5.6.12/php-CVE-2015-7803.patch
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/php-CVE-2015-7803.patch
b/meta-oe/recipes-devtools/php/php-5.6.12/php-CVE-2015-7803.patch
new file mode 100644
index 000..77ff44f
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php-5.6.12/php-CVE-2015-7803.patch
@@ -0,0 +1,72 @@
+Fix bug #69720: Null pointer dereference in phar_get_fp_offset()
+
+The phar_get_entry_data function in ext/phar/util.c in PHP
+before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers
+to cause a denial of service (NULL pointer dereference and
+application crash) via a .phar file with a crafted TAR archive
+entry in which the Link indicator references a file that does
+not exist.
+
+Written-by: Stanislav Malyshev
+
+Binary files php-5.6.12.orig/ext/phar/tests/bug69720.phar and
php-5.6.12/ext/phar/tests/bug69720.phar differ
+diff -Nur php-5.6.12.orig/ext/phar/tests/bug69720.phpt
php-5.6.12/ext/phar/tests/bug69720.phpt
+--- php-5.6.12.orig/ext/phar/tests/bug69720.phpt 1970-01-01
08:00:00.0 +0800
php-5.6.12/ext/phar/tests/bug69720.phpt2015-12-16 17:15:56.703415339
+0800
+@@ -0,0 +1,40 @@
++--TEST--
++Phar - bug #69720 - Null pointer dereference in phar_get_fp_offset()
++--SKIPIF--
++
++--FILE--
++getMetadata();
++foreach (new RecursiveIteratorIterator($p) as $file) {
++// $file is a PharFileInfo class, and inherits from SplFileInfo
++ $temp="";
++$temp= $file->getFileName() . "\n";
++$temp.=file_get_contents($file->getPathName()) . "\n"; // display
contents
++ var_dump($file->getMetadata());
++}
++}
++ catch (Exception $e) {
++echo 'Could not open Phar: ', $e;
++}
++?>
++--EXPECTF--
++
++MY_METADATA_NULL
++
++Warning: file_get_contents(phar:///%s): failed to open stream: phar error:
"test.php" is not a file in phar "%s.phar" in %s.php on line %d
++array(1) {
++ ["whatever"]=>
++ int(123)
++}
++object(DateTime)#2 (3) {
++ ["date"]=>
++ string(26) "2000-01-01 00:00:00.00"
++ ["timezone_type"]=>
++ int(3)
++ ["timezone"]=>
++ string(3) "UTC"
++}
+diff -Nur php-5.6.12.orig/ext/phar/util.c php-5.6.12/ext/phar/util.c
+--- php-5.6.12.orig/ext/phar/util.c2015-12-16 17:06:04.011411206 +0800
php-5.6.12/ext/phar/util.c 2015-12-16 17:18:08.683416259 +0800
+@@ -494,7 +494,11 @@
+ (*ret)->is_tar = entry->is_tar;
+ (*ret)->fp = phar_get_efp(entry, 1 TSRMLS_CC);
+ if (entry->link) {
+- (*ret)->zero = phar_get_fp_offset(phar_get_link_source(entry
TSRMLS_CC) TSRMLS_CC);
++ phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC);
++ if(!link) {
++ return FAILURE;
++ }
++ (*ret)->zero = phar_get_fp_offset(link TSRMLS_CC);
+ } else {
+ (*ret)->zero = phar_get_fp_offset(entry TSRMLS_CC);
+ }
diff --git a/meta-oe/recipes-devtools/php/php.inc
b/meta-oe/recipes-devtools/php/php.inc
index 67d2362..4aa9c3f 100644
--- a/meta-oe/recipes-devtools/php/php.inc
+++ b/meta-oe/recipes-devtools/php/php.inc
@@ -14,6 +14,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
file://acinclude-xml2-config.patch \
file://0001-php-don-t-use-broken-wrapper-for-mkdir.patch \
file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
+ file://php-CVE-2015-7803.patch \
"
SRC_URI_append_class-target += " \
--
1.9.1
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-networking] systemd.bbclass: delete dangling symblink
If only systemd is enabled, scripts of sysvinit under "/etc/init.d/"
will be deleted. But there may be some symblinks /etc/rc*/ that
points to the files under "/etc/init.d/". We need to delete them.
Signed-off-by: Jian Liu
---
meta/classes/systemd.bbclass | 29 +
1 file changed, 29 insertions(+)
diff --git a/meta/classes/systemd.bbclass b/meta/classes/systemd.bbclass
index c34884b..ff3e0f8 100644
--- a/meta/classes/systemd.bbclass
+++ b/meta/classes/systemd.bbclass
@@ -184,6 +184,31 @@ do_install[postfuncs] += "rm_systemd_unitdir "
python rm_sysvinit_initddir (){
import shutil
sysv_initddir = oe.path.join(d.getVar("D", True), (d.getVar('INIT_D_DIR',
True) or "/etc/init.d"))
+sysv_rcdirs = []
+cpath = oe.cachedpath.CachedPath()
+
+def check_dangling_sym(file,inst_root):
+if not cpath.islink(file):
+return False
+
+rtarget = cpath.realpath(file, inst_root, True, assume_dir = True)
+if not cpath.lexists(rtarget):
+return True
+
+return False
+
+# delete dangling symblink under rc*
+def rm_sysv_rcdirs():
+dest = d.getVar("D", True)
+rcdirs = "rc.d rc0.d rc1.d rc2.d rc3.d rc4.d rc5.d rc6.d rcS.d"
+
+for rcdir in rcdirs.split():
+path = dest + "/etc/" + rcdir
+for walk_root, walk_dirs, walk_files in cpath.walk(path):
+for file in walk_files:
+file = walk_root + "/" + file
+if check_dangling_sym(file, walk_root):
+sysv_rcdirs.append(file)
if bb.utils.contains('DISTRO_FEATURES', 'systemd', True, False, d) and \
not bb.utils.contains('DISTRO_FEATURES', 'sysvinit', True, False, d)
and \
@@ -193,5 +218,9 @@ python rm_sysvinit_initddir (){
# If systemd_unitdir contains anything, delete sysv_initddir
if (os.path.exists(systemd_unitdir) and os.listdir(systemd_unitdir)):
shutil.rmtree(sysv_initddir)
+
+rm_sysv_rcdirs()
+for rcdir in sysv_rcdirs:
+os.remove(rcdir)
}
do_install[postfuncs] += "rm_sysvinit_initddir "
--
1.8.5.2.233.g932f7e4
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [PATCH][meta-networking] ypbind-mt: set path of ypdomainname in ypbind script
The script ypbind will cause error if using ypdomainname command
provided by busybox. So add RDEPENDCY on yp-tools and change
the path of ypdomainname.
Signed-off-by: Jian Liu
---
recipes-support/nis/files/ypbind-yocto.init | 11 ++-
recipes-support/nis/ypbind-mt_1.36.bb | 1 +
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/recipes-support/nis/files/ypbind-yocto.init
b/recipes-support/nis/files/ypbind-yocto.init
index da533a1..f97a3e1 100644
--- a/recipes-support/nis/files/ypbind-yocto.init
+++ b/recipes-support/nis/files/ypbind-yocto.init
@@ -26,6 +26,7 @@
YPBIND_BIN=/usr/sbin/ypbind
pidfile=/var/run/ypbind.pid
+YPDOMAINNAME_bin=/usr/bin/ypdomainname
[ -f /etc/default/ypbind ] && . /etc/default/ypbind
@@ -34,14 +35,14 @@ case "$1" in
echo -n "Starting ypbind"
## If the domainname is not set, skip starting of ypbind
## and return with "program not configured"
-/bin/ypdomainname &> /dev/null
-if [ $? -ne 0 -o -z "`/bin/ypdomainname 2>/dev/null`" ]; then
+$YPDOMAINNAME_bin &> /dev/null
+if [ $? -ne 0 -o -z "`$YPDOMAINNAME_bin 2>/dev/null`" ]; then
if [ -f /etc/defaultdomain ]; then
XDOMAINNAME=`cat /etc/defaultdomain`
- /bin/ypdomainname "$XDOMAINNAME"
+ $YPDOMAINNAME_bin "$XDOMAINNAME"
fi
- /bin/ypdomainname &> /dev/null
- if [ $? -ne 0 -o -z "`/bin/ypdomainname 2>/dev/null`" ]; then
+ $YPDOMAINNAME_bin &> /dev/null
+ if [ $? -ne 0 -o -z "`$YPDOMAINNAME_bin 2>/dev/null`" ]; then
# Tell the user this has skipped
echo -n " . . . . . . . . . . No domainname set"
# service is not configured
diff --git a/recipes-support/nis/ypbind-mt_1.36.bb
b/recipes-support/nis/ypbind-mt_1.36.bb
index 35ef16a..4fdef9f 100644
--- a/recipes-support/nis/ypbind-mt_1.36.bb
+++ b/recipes-support/nis/ypbind-mt_1.36.bb
@@ -50,3 +50,4 @@ RPROVIDES_${PN} += "${PN}-systemd"
RREPLACES_${PN} += "${PN}-systemd"
RCONFLICTS_${PN} += "${PN}-systemd"
SYSTEMD_SERVICE_${PN} = "ypbind.service"
+RDEPENDS_${PN} += "yp-tools"
--
1.8.5.2.233.g932f7e4
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] [meta-oe] lvm2: files will be over written when updating using rpm
If there is no %config micro before the file in the spec file,
this file will be over-written after updating this package
using rpm.
This will make our settings lost.
Signed-off-by: Jian Liu
---
recipes-support/lvm2/lvm2.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/recipes-support/lvm2/lvm2.inc b/recipes-support/lvm2/lvm2.inc
index 1bbb158..42f6e3a 100644
--- a/recipes-support/lvm2/lvm2.inc
+++ b/recipes-support/lvm2/lvm2.inc
@@ -48,3 +48,5 @@ FILES_${PN} += "${libdir}/device-mapper/*.so
${base_libdir}/udev"
FILES_${PN}-dbg += "${libdir}/device-mapper/.debug"
RDEPENDS_${PN} = "bash"
+
+CONFFILES_${PN} += "${sysconfdir}/lvm/lvm.conf"
--
1.8.5.2.233.g932f7e4
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
