connman: upgrade 1.34 -> 1.35

Below two patches are applied in v1.35
- 0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch
- CVE-2017-12865.patch

(From OE-Core rev: f4b9c5dba4ca0c0242284eb8148e25e89f02d988)

Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch

@@ -1,72 +0,0 @@
-From 4058ce3186a99fd5f03350fc11a7fc8d38b6a381 Mon Sep 17 00:00:00 2001
-From: "Maxin B. John" <maxin.john@intel.com>
-Date: Mon, 8 May 2017 10:53:18 +0300
-Subject: [PATCH] firewall-nftables: fix build with libnftnl-1.0.7
-
-We need these updates to accommodate the changes caused by the following
-commit in libnftnl-1.0.7
-
-commit 907a9f8e5a93f5bcd449643eb3916a656d634758
-Author: Pablo Neira Ayuso <pablo@netfilter.org>
-Date:   Tue Dec 20 13:47:11 2016 +0100
-
-src: get rid of aliases and compat
-
-This machinery was introduced to avoid sudden compilation breakage of
-old nftables releases. With the upcoming release of 0.7 (and 0.6 which
-is now 6 months old) this is not required anymore.
-
-Moreover, users gain nothing from older releases since they are
-half-boiled and buggy.
-
-So let's get rid of aliases now. Bump LIBVERSION and update map file.
-
-Upstream-Status: Submitted
-
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
- src/firewall-nftables.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/firewall-nftables.c b/src/firewall-nftables.c
-index 583d1c4..83b137b 100644
---- a/src/firewall-nftables.c
-+++ b/src/firewall-nftables.c
-@@ -387,9 +387,9 @@ static int add_cmp(struct nftnl_rule *rule, uint32_t sreg, uint32_t op,
-         if (!expr)
-                 return -ENOMEM;
- 
--        nftnl_expr_set_u32(expr, NFT_EXPR_CMP_SREG, sreg);
--        nftnl_expr_set_u32(expr, NFT_EXPR_CMP_OP, op);
--        nftnl_expr_set(expr, NFT_EXPR_CMP_DATA, data, data_len);
-+        nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_SREG, sreg);
-+        nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_OP, op);
-+        nftnl_expr_set(expr, NFTNL_EXPR_CMP_DATA, data, data_len);
- 
-         nftnl_rule_add_expr(rule, expr);
- 
-@@ -575,8 +575,8 @@ static int build_rule_nat(const char *address, unsigned char prefixlen,
- 	expr = nftnl_expr_alloc("meta");
- 	if (!expr)
- 		goto err;
--	nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIFNAME);
--	nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
-+	nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIFNAME);
-+	nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
- 	nftnl_rule_add_expr(rule, expr);
- 	err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, interface,
- 			strlen(interface) + 1);
-@@ -677,8 +677,8 @@ static int build_rule_snat(int index, const char *address,
- 	expr = nftnl_expr_alloc("meta");
- 	if (!expr)
- 		goto err;
--	nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIF);
--	nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
-+	nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIF);
-+	nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
- 	nftnl_rule_add_expr(rule, expr);
- 	err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, &index, sizeof(index));
- 	if (err < 0)
--- 
-2.4.0
-

meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch

@@ -1,87 +0,0 @@
-From 5c281d182ecdd0a424b64f7698f32467f8f67b71 Mon Sep 17 00:00:00 2001
-From: Jukka Rissanen <jukka.rissanen@linux.intel.com>
-Date: Wed, 9 Aug 2017 10:16:46 +0300
-Subject: dnsproxy: Fix crash on malformed DNS response
-
-If the response query string is malformed, we might access memory
-pass the end of "name" variable in parse_response().
-
-CVE: CVE-2017-12865
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/patch/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71]
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- src/dnsproxy.c | 16 ++++++++++------
- 1 file changed, 10 insertions(+), 6 deletions(-)
-
-diff --git a/src/dnsproxy.c b/src/dnsproxy.c
-index 38ac5bf..40b4f15 100644
---- a/src/dnsproxy.c
-+++ b/src/dnsproxy.c
-@@ -838,7 +838,7 @@ static struct cache_entry *cache_check(gpointer request, int *qtype, int proto)
- static int get_name(int counter,
- 		unsigned char *pkt, unsigned char *start, unsigned char *max,
- 		unsigned char *output, int output_max, int *output_len,
--		unsigned char **end, char *name, int *name_len)
-+		unsigned char **end, char *name, size_t max_name, int *name_len)
- {
- 	unsigned char *p;
- 
-@@ -859,7 +859,7 @@ static int get_name(int counter,
- 
- 			return get_name(counter + 1, pkt, pkt + offset, max,
- 					output, output_max, output_len, end,
--					name, name_len);
-+					name, max_name, name_len);
- 		} else {
- 			unsigned label_len = *p;
- 
-@@ -869,6 +869,9 @@ static int get_name(int counter,
- 			if (*output_len > output_max)
- 				return -ENOBUFS;
- 
-+			if ((*name_len + 1 + label_len + 1) > max_name)
-+				return -ENOBUFS;
-+
- 			/*
- 			 * We need the original name in order to check
- 			 * if this answer is the correct one.
-@@ -900,14 +903,14 @@ static int parse_rr(unsigned char *buf, unsigned char *start,
- 			unsigned char *response, unsigned int *response_size,
- 			uint16_t *type, uint16_t *class, int *ttl, int *rdlen,
- 			unsigned char **end,
--			char *name)
-+			char *name, size_t max_name)
- {
- 	struct domain_rr *rr;
- 	int err, offset;
- 	int name_len = 0, output_len = 0, max_rsp = *response_size;
- 
- 	err = get_name(0, buf, start, max, response, max_rsp,
--		&output_len, end, name, &name_len);
-+			&output_len, end, name, max_name, &name_len);
- 	if (err < 0)
- 		return err;
- 
-@@ -1033,7 +1036,8 @@ static int parse_response(unsigned char *buf, int buflen,
- 		memset(rsp, 0, sizeof(rsp));
- 
- 		ret = parse_rr(buf, ptr, buf + buflen, rsp, &rsp_len,
--			type, class, ttl, &rdlen, &next, name);
-+			type, class, ttl, &rdlen, &next, name,
-+			sizeof(name) - 1);
- 		if (ret != 0) {
- 			err = ret;
- 			goto out;
-@@ -1099,7 +1103,7 @@ static int parse_response(unsigned char *buf, int buflen,
- 			 */
- 			ret = get_name(0, buf, next - rdlen, buf + buflen,
- 					rsp, rsp_len, &output_len, &end,
--					name, &name_len);
-+					name, sizeof(name) - 1, &name_len);
- 			if (ret != 0) {
- 				/* just ignore the error at this point */
- 				ptr = next;
--- 
-cgit v1.1
-

meta/recipes-connectivity/connman/connman_1.35.bb

@@ -2,17 +2,15 @@ require connman.inc
 
 SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
             file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
-            file://0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch \
             file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
             file://connman \
             file://no-version-scripts.patch \
             file://includes.patch \
-            file://CVE-2017-12865.patch \
             "
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \
                              "
 
-SRC_URI[md5sum] = "e200028702c831d5f535d20d61e608ef"
-SRC_URI[sha256sum] = "a9a0808c729c1f348fc36d8cecb52d19b72bc34cb411c502608cb0e0190fc71e"
+SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652"
+SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa"
 
 RRECOMMENDS_${PN} = "connman-conf"